Torrents – The Dangers to your Network

A torrent is a file that holds metadata containing information in it.  There is no actual content in the file itself, however, when opened by Bitorrent software, the metadata in the original file allows the users to download the content.  Very often this content is copyrighted material which is often illegal.

Essentially, torrenting is the act of downloading many bits of data to form a complete file which is most often a movie or TV series.  The negative consequences here for companies are two-fold.Firstly, they are allowing their networks to be used for illegal purposes.Secondly, torrenting is bandwidth-intensive.  It uses up a lot of the available bandwidth essentially negatively impacting the organisation’s key data resources and causing business-critical applications and systems to become less responsive.  

Additionally, torrent sites are a well-known source of malware and viruses.  Users accessing these sites are often the victims of a malware infection without knowing it.  This infection can then spread through your organization’s network like wildfire resulting in bringing your network to a complete standstill, or worse, a ransomware attack, theft of sensitive data, it can cost your company a fortune, perhaps even it’s future. Some torrent sites such as The Pirate Bay, include a form malware called cryptojacking where visitors to the site have a form of malware installed and hides  on there PC or mobile device and then uses all their data resources for cryptocurrency mining

The obvious solution here would be to simply block this traffic.  However, torrenting has grown up with the rest of the Internet and for the most part, no longer uses the HTTP (Hypertext Transfer Protocol) protocol, rather now most torrents sites are HTTPS (Hypertext Transfer Protocol Secure) sites.  What this means is that the data is encrypted and cannot be intercepted by a third party, by extension, one can no longer identify traffic from HTTPS sites by merely viewing your network traffic, torrenting and other suspect traffic on the HTTPS protocol is only visible if you are looking for it specifically.

Sounds like a lot of work I know.  Luckily, there are solutions available now, such as the LucidView MikroTik Enforcer that does this for you.  The LucidView Enforcer examines each and every connection made in or out of your network, and immediately kills off any that are deemed suspicious.  With the Enforcer solution in place, you don’t need to know what the suspicious connection is, you just need to know that you have safeguarded against it.
For more info on the LucidView Enforcer and what it can add to your arsenal of cyber-security weapons please visit our website at www.lucidview.net